The Office of Inadequate Security
In 2023, a ransomware attack against Lehigh Valley Health Network by AlphV (BlackCat) involved the threat actors leaking nude photos of some cancer patients. In reporting on one of the first class action lawsuits launched against LVHN, DataBreaches pointed out how significant this situation and litigation might be, in part, because of the nude photos…
Beth Treffeisen reports: A women’s gynecological clinic in Attleboro is suing a neighboring crisis pregnancy center, accusing it of hacking its confidential online portal and misleading patients to prevent abortion. Four Women Health Services alleges that Attleboro Women’s Health Center, also named Abundant Hope Pregnancy Resource Center, broke computer fraud, consumer protection, and wiretapping laws…
Susan Morse reports: The Centers for Medicare and Medicaid Services and Wisconsin Physicians Service Insurance Corporation are mailing written notifications to 946,801 people whose protected health information or other personally identifiable information may have been compromised in a cyber breach. A security vulnerability was found in MOVEit software, a third-party application used in the transfer…
For your “no need to hack when it’s leaking” files: Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained thousands of records belonging to Confidant Health — an AI-powered platform offering mental health and addiction treatment. The database contained patient PII, psychosocial assessments including details about mental health or substance abuse,…
David DiMolfetta reports: Around 350 of some 1,800 small and rural U.S. hospitals are leveraging free and low-cost private sector cybersecurity resources that were marshaled by the White House this summer, a top White House cyber official said Tuesday. Deputy National Cyber Director for Cybersecurity and Emerging Technology Anne Neuberger provided the update at the…
Shalyn Watkins of Holland & Knight writes: For most healthcare providers and businesses, signing a Business Associate Agreement (BAA) is a standard practice. When contracting to provide services with an entity governed by the Health Insurance Portability and Accountability Act (HIPAA), it is a requirement that the entity enter into a business associate contract, also…